Hi
"getent group <name>" does not give any output at all.
However, "getent passwd" looks up correctly in the AD:
$ getent passwd zmir2
zmir2:*:2956636:100:Hans Schou:/home/zmir2:/bin/bash
$ grep -c ^zmir2 /etc/passwd
0
nsswitch looks fine:
$ egrep "^(group|passwd)" /etc/nsswitch.conf
passwd: files sss
group: files sss
SSO is working fine with both ssh and samba share.
$ realm list
foo.org
  type: kerberos
  realm-name: FOO.ORG
  domain-name: foo.org
  configured: kerberos-member
  server-software: active-directory
  client-software: winbind
  required-package: oddjob-mkhomedir
  required-package: oddjob
  required-package: samba-winbind-clients
  required-package: samba-winbind
  required-package: samba-common-tools
  login-formats: %U
  login-policy: allow-any-login
foo.org
  type: kerberos
  realm-name: FOO.ORG
  domain-name: foo.org
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U
  login-policy: allow-realm-logins
# cat /etc/sssd/sssd.conf
[sssd]
domains = foo.org
config_file_version = 2
services = nss, pam
[domain/foo.org]
ad_domain = foo.org
krb5_realm = FOO.ORG
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = False
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
All on Red Hat 7.6.
The goal is to use an AD group in a samba share but it obviously does not
look up groups in the AD, only specific users.
--
Venlig hilsen - best regards